-rw-r--r--.drone.yml12
m---------3rdparty0
-rw-r--r--build/OCPSinceChecker.php2
-rw-r--r--lib/private/App/InfoParser.php2
-rw-r--r--lib/private/IntegrityCheck/Checker.php6
-rw-r--r--settings/Controller/SecuritySettingsController.php2
-rw-r--r--tests/Settings/Controller/SecuritySettingsControllerTest.php4
-rw-r--r--tests/lib/IntegrityCheck/CheckerTest.php37
8 files changed, 53 insertions, 12 deletions
diff --git a/.drone.yml b/.drone.yml
index c95164c9575..a03ebcd21eb 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -15,6 +15,12 @@ build:
- rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
- git submodule update --init
- NOCOVERAGE=true TEST_SELECTION=NODB ./autotest.sh sqlite
+ nodb-php7.1:
+ image: nextcloudci/php7.1:php7.1-3
+ commands:
+ - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
+ - git submodule update --init
+ - NOCOVERAGE=true TEST_SELECTION=NODB ./autotest.sh sqlite
sqlite-php5.6:
image: nextcloudci/php5.6:php5.6-2
commands:
@@ -27,6 +33,12 @@ build:
- rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
- git submodule update --init
- NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh sqlite
+ sqlite-php7.1:
+ image: nextcloudci/php7.1:php7.1-3
+ commands:
+ - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
+ - git submodule update --init
+ - NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh sqlite
mysql-php5.6:
image: nextcloudci/php5.6:php5.6-2
commands:
diff --git a/3rdparty b/3rdparty
-Subproject a7109f7505ce8ab1775f54ff723b72e4e65c13d
+Subproject 700cba55e9483e7514d36ea43ddac36de63c369
diff --git a/build/OCPSinceChecker.php b/build/OCPSinceChecker.php
index 0eb1c54f0b8..04a19b3416f 100644
--- a/build/OCPSinceChecker.php
+++ b/build/OCPSinceChecker.php
@@ -111,7 +111,7 @@ $errors = [];
foreach($Regex as $file) {
$stmts = $parser->parse(file_get_contents($file[0]));
- $visitor = new SinceTagCheckVisitor($this->blackListedClassNames);
+ $visitor = new SinceTagCheckVisitor();
$traverser = new \PhpParser\NodeTraverser();
$traverser->addVisitor($visitor);
$traverser->traverse($stmts);
diff --git a/lib/private/App/InfoParser.php b/lib/private/App/InfoParser.php
index 734f5c2c6af..e975ad6f096 100644
--- a/lib/private/App/InfoParser.php
+++ b/lib/private/App/InfoParser.php
@@ -156,7 +156,7 @@ class InfoParser {
$totalElement = count($xml->{$element});
if (!isset($array[$element])) {
- $array[$element] = "";
+ $array[$element] = $totalElement > 1 ? [] : "";
}
/** @var \SimpleXMLElement $node */
// Has attributes
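Review bot: The ternary on the added line carries no comment, and it makes the type of `$array[$element]` depend on `$totalElement`: an array when the element repeats, an empty string otherwise. A short why-comment would help the next reader, for example `// start with an array when the element repeats, so later appends never operate on a string`. Presumably this is for the PHP 7.1 jobs added in `.drone.yml`, but the code that fills the slot lies outside the hunk, so confirm before wording it more strongly. The enclosing method starts and ends outside the hunk.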
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
index e6eeaec7349..1db20772b4e 100644
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@@ -249,6 +249,8 @@ class Checker {
$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
$privateKey->setMGFHash('sha512');
+ // See https://tools.ietf.org/html/rfc3447#page-38
+ $privateKey->setSaltLength(0);
$signature = $privateKey->sign(json_encode($hashes));
return [
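Review bot: The added `setSaltLength(0)` calls, here before `sign()` and again before `verify()` in the third hunk of this file, are explained only by a link to the RFC, which does not say why zero was chosen. A zero-length salt makes the PSS signature deterministic, and verification depends on both sides using the same length, so the reason belongs in the code; presumably it is compatibility with signatures already issued, though the commit does not say. I would replace the link with `// PSS salt length is fixed at 0 and has to be the same when signing and verifying.` and take the value from one class constant used at both call sites so the two cannot drift apart. Both enclosing methods start and end outside the hunks.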
@@ -343,7 +345,7 @@ class Checker {
// Verify if certificate has proper CN. "core" CN is always trusted.
if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
throw new InvalidSignatureException(
- sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true))
+ sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
);
}
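Review bot: The new message indexes `$x509->getDN(true)['CN']`, while the comparison one line above reads `$x509->getDN(X509::DN_OPENSSL)['CN']`. Whether `getDN(true)` returns an array with a `CN` key is not visible here; if it returns the string form of the DN, the index will not yield the common name and the exception text will mislead whoever is diagnosing a rejected certificate. Reading the value once with the same call as the check, `$currentCN = $x509->getDN(X509::DN_OPENSSL)['CN'];`, and using `$currentCN` in both the condition and the `sprintf` keeps the reported CN identical to the compared one. The enclosing method starts and ends outside the hunk.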
@@ -352,6 +354,8 @@ class Checker {
$rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
$rsa->setMGFHash('sha512');
+ // See https://tools.ietf.org/html/rfc3447#page-38
+ $rsa->setSaltLength(0);
if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
throw new InvalidSignatureException('Signature could not get verified.');
}
diff --git a/settings/Controller/SecuritySettingsController.php b/settings/Controller/SecuritySettingsController.php
index 44e07f25a0b..d0d57437799 100644
--- a/settings/Controller/SecuritySettingsController.php
+++ b/settings/Controller/SecuritySettingsController.php
@@ -61,7 +61,7 @@ class SecuritySettingsController extends Controller {
* @return array
*/
public function trustedDomains($newTrustedDomain) {
- $trustedDomains = $this->config->getSystemValue('trusted_domains');
+ $trustedDomains = $this->config->getSystemValue('trusted_domains', []);
$trustedDomains[] = $newTrustedDomain;
$this->config->setSystemValue('trusted_domains', $trustedDomains);
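Review bot: The added `[]` default only covers a missing `trusted_domains` key; a value that is present but not an array still reaches `$trustedDomains[] = $newTrustedDomain;`. No validation of `$newTrustedDomain` is visible in the hunk either, and the name suggests this list governs which domains the instance trusts, so an empty or duplicate entry should not be written to it. Checking `is_array($trustedDomains)` before the append and `!in_array($newTrustedDomain, $trustedDomains, true)` before the `setSystemValue` call would cover both, unless a caller outside the hunk already does this. The method body continues past the hunk.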
diff --git a/tests/Settings/Controller/SecuritySettingsControllerTest.php b/tests/Settings/Controller/SecuritySettingsControllerTest.php
index 11b0edcae23..302dc730fc4 100644
--- a/tests/Settings/Controller/SecuritySettingsControllerTest.php
+++ b/tests/Settings/Controller/SecuritySettingsControllerTest.php
@@ -57,8 +57,8 @@ class SecuritySettingsControllerTest extends \PHPUnit_Framework_TestCase {
$this->container['Config']
->expects($this->once())
->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue(''));
+ ->with($this->equalTo('trusted_domains'), $this->equalTo([]))
+ ->willReturn([]);
$response = $this->securitySettingsController->trustedDomains('newdomain.com');
$expectedResponse = array('status' => 'success');
diff --git a/tests/lib/IntegrityCheck/CheckerTest.php b/tests/lib/IntegrityCheck/CheckerTest.php
index d67f1382dc9..5823ac0f25c 100644
--- a/tests/lib/IntegrityCheck/CheckerTest.php
+++ b/tests/lib/IntegrityCheck/CheckerTest.php
@@ -102,8 +102,13 @@ class CheckerTest extends TestCase {
->expects($this->once())
->method('file_put_contents')
->with(
- \OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json',
- $expectedSignatureFileData
+ $this->equalTo(\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json'),
+ $this->callback(function($signature) use ($expectedSignatureFileData) {
+ $expectedArray = json_decode($expectedSignatureFileData, true);
+ $actualArray = json_decode($signature, true);
+ $this->assertEquals($expectedArray, $actualArray);
+ return true;
+ })
);
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/SomeApp.crt');
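Review bot: The same `$this->callback(...)` closure is pasted into all five `file_put_contents` expectations in this file, and only this first one wraps the path in `$this->equalTo()`. A private helper on the test class that takes `$expectedSignatureFileData` and returns the callback constraint would keep the comparison in one place. Inside it I would add `$this->assertNotNull($expectedArray);` before the `assertEquals`, because `json_decode` returns null for malformed input and two malformed strings would otherwise compare as equal. The enclosing test methods start and end outside the hunks.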
@@ -456,7 +461,12 @@ class CheckerTest extends TestCase {
->method('file_put_contents')
->with(
\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json',
- $expectedSignatureFileData
+ $this->callback(function($signature) use ($expectedSignatureFileData) {
+ $expectedArray = json_decode($expectedSignatureFileData, true);
+ $actualArray = json_decode($signature, true);
+ $this->assertEquals($expectedArray, $actualArray);
+ return true;
+ })
);
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
@@ -486,7 +496,12 @@ class CheckerTest extends TestCase {
->method('file_put_contents')
->with(
\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified//core/signature.json',
- $expectedSignatureFileData
+ $this->callback(function($signature) use ($expectedSignatureFileData) {
+ $expectedArray = json_decode($expectedSignatureFileData, true);
+ $actualArray = json_decode($signature, true);
+ $this->assertEquals($expectedArray, $actualArray);
+ return true;
+ })
);
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
@@ -511,7 +526,12 @@ class CheckerTest extends TestCase {
->method('file_put_contents')
->with(
\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent//core/signature.json',
- $expectedSignatureFileData
+ $this->callback(function($signature) use ($expectedSignatureFileData) {
+ $expectedArray = json_decode($expectedSignatureFileData, true);
+ $actualArray = json_decode($signature, true);
+ $this->assertEquals($expectedArray, $actualArray);
+ return true;
+ })
);
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
@@ -542,7 +562,12 @@ class CheckerTest extends TestCase {
->method('file_put_contents')
->with(
\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json',
- $expectedSignatureFileData
+ $this->callback(function($signature) use ($expectedSignatureFileData) {
+ $expectedArray = json_decode($expectedSignatureFileData, true);
+ $actualArray = json_decode($signature, true);
+ $this->assertEquals($expectedArray, $actualArray);
+ return true;
+ })
);
$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');